package com.itheima.config;

import com.itheima.controller.backend.security.SpringSecurityUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Security配置类
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Autowired
    private SpringSecurityUserService userService;

    @Autowired
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(myPasswordEncoder());
    }

    /**
     * 配置过滤器链
     * @param http
     * @return
     * @throws Exception
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.formLogin(form -> form
                        .loginPage("/backend/login.html") // 自定义登录页面
                        .loginProcessingUrl("/login") // 登录处理Url
                        .usernameParameter("username") // 修改自定义表单name值
                        .passwordParameter("password") // 修改自定义表单name值
                        .defaultSuccessUrl("/backend/pages/main.html") // 登录成功后跳转路径
                )
                .authorizeRequests(authorize -> authorize
                        .antMatchers("/backend/login.html").permitAll() // 允许访问登录页面
                        .antMatchers("/backend/css/**").permitAll() // 允许访问CSS资源
                        .antMatchers("/backend/img/**").permitAll() // 允许访问图片资源
                        .antMatchers("/backend/js/**").permitAll() // 允许访问JS资源
                        .antMatchers("/backend/plugins/**").permitAll() // 允许访问插件资源
                        .antMatchers("/favicon.ico").permitAll() // 允许访问favicon
                        .antMatchers("/backend/pages/setmeal.html").hasRole("ADMIN") // 角色为ADMIN才能访问套餐管理页面
                        .anyRequest().authenticated() // 所有请求都需要登录认证才能访问
                )
                .csrf(AbstractHttpConfigurer::disable) // 关闭csrf防护
                .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)); // 允许iframe加载页面
        return http.build();
    }

    /**
     * 配置密码加密方式
     * @return
     */
    @Bean
    protected PasswordEncoder myPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
